mirror of
https://github.com/FEX-Emu/linux.git
synced 2025-01-18 15:48:59 +00:00
08ce5f16ee
Implement a cgroup to track and enforce open and mknod restrictions on device files. A device cgroup associates a device access whitelist with each cgroup. A whitelist entry has 4 fields. 'type' is a (all), c (char), or b (block). 'all' means it applies to all types and all major and minor numbers. Major and minor are either an integer or * for all. Access is a composition of r (read), w (write), and m (mknod).

The root device cgroup starts with rwm to 'all'. A child devcg gets a copy of the parent. Admins can then remove devices from the whitelist or add new entries. A child cgroup can never receive a device access which is denied its parent. However when a device access is removed from a parent it will not also be removed from the child(ren).

An entry is added using devices.allow, and removed using devices.deny. For instance

	echo 'c 1:3 mr' > /cgroups/1/devices.allow

allows cgroup 1 to read and mknod the device usually known as /dev/null. Doing

	echo a > /cgroups/1/devices.deny

will remove the default 'a *:* mrw' entry.

CAP_SYS_ADMIN is needed to change permissions or move another task to a new cgroup. A cgroup may not be granted more permissions than the cgroup's parent has. Any task can move itself between cgroups. This won't be sufficient, but we can decide the best way to adequately restrict movement later.

[akpm@linux-foundation.org: coding-style fixes]
[akpm@linux-foundation.org: fix may-be-used-uninitialized warning]
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Acked-by: James Morris <jmorris@namei.org>
Looks-good-to: Pavel Emelyanov <xemul@openvz.org>
Cc: Daniel Hokka Zakrisson <daniel@hozac.com>
Cc: Li Zefan <lizf@cn.fujitsu.com>
Cc: Paul Menage <menage@google.com>
Cc: Balbir Singh <balbir@in.ibm.com>
Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
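The whitelist rules in the commit message above, as an added user-space model that is not the kernel's implementation and not code from this commit: it parses the four-field entry format and checks that a child's devices.allow request is covered by its parent's whitelist. The names `parse_entry`, `entry_covers`, `whitelist_permits` and `may_allow` are hypothetical, and devices.deny is not modelled.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { ACC_READ = 1, ACC_WRITE = 2, ACC_MKNOD = 4 };
#define ANY (-1L)               /* '*' in the major or minor field */

struct dev_entry {
    char type;                  /* 'a' (all), 'c' (char) or 'b' (block) */
    long major, minor;          /* ANY or a device number */
    int access;                 /* OR of ACC_* bits */
};

/* Parse one "integer or *" field and advance *p past it. */
static int parse_num(const char **p, long *out)
{
    char *end;
    if (**p == '*') {
        *out = ANY;
        *p += 1;
        return 0;
    }
    if (**p < '0' || **p > '9')
        return -1;
    *out = strtol(*p, &end, 10);
    *p = end;
    return 0;
}

/* Parse "type major:minor access"; a bare "a" stands for 'a *:* rwm'. */
int parse_entry(const char *s, struct dev_entry *e)
{
    static const char letters[] = "rwm";    /* bit 0, 1, 2 = ACC_* */

    if (*s != 'a' && *s != 'c' && *s != 'b')
        return -1;
    e->type = *s++;
    if (e->type == 'a' && *s == '\0') {
        e->major = e->minor = ANY;
        e->access = ACC_READ | ACC_WRITE | ACC_MKNOD;
        return 0;
    }
    if (*s++ != ' ' || parse_num(&s, &e->major) || *s++ != ':' ||
        parse_num(&s, &e->minor) || *s++ != ' ')
        return -1;
    for (e->access = 0; *s; s++) {
        const char *bit = strchr(letters, *s);
        if (!bit)
            return -1;          /* unknown access letter */
        e->access |= 1 << (bit - letters);
    }
    return e->access ? 0 : -1;  /* at least one of r, w, m is required */
}

/* Does the single whitelist entry w grant everything request r asks for? */
int entry_covers(const struct dev_entry *w, const struct dev_entry *r)
{
    if (w->type != 'a') {       /* 'a' matches every type and number */
        if (w->type != r->type)
            return 0;
        if (w->major != ANY && w->major != r->major)
            return 0;           /* a '*' request needs a '*' entry */
        if (w->minor != ANY && w->minor != r->minor)
            return 0;
    }
    return (r->access & ~w->access) == 0;
}

int whitelist_permits(const struct dev_entry *wl, int n,
                      const struct dev_entry *r)
{
    for (int i = 0; i < n; i++)
        if (entry_covers(&wl[i], r))
            return 1;
    return 0;
}

/* Model of a write to a child's devices.allow: 1 if the parent's whitelist
 * covers the entry, 0 if the parent lacks that access, -1 if malformed. */
int may_allow(const struct dev_entry *parent, int n, const char *line)
{
    struct dev_entry req;
    if (parse_entry(line, &req))
        return -1;
    return whitelist_permits(parent, n, &req);
}

int main(void)
{
    /* Constructed sample: the parent holds /dev/null (read, mknod) and
     * every minor of char major 4 (read, write). */
    const char *writes[] = { "c 1:3 r", "c 1:3 rw", "c 1:* r", "c 4:64 w" };
    struct dev_entry parent[2];
    parse_entry("c 1:3 mr", &parent[0]);
    parse_entry("c 4:* rw", &parent[1]);
    for (size_t i = 0; i < sizeof(writes) / sizeof(writes[0]); i++)
        printf("%-9s -> %d\n", writes[i], may_allow(parent, 2, writes[i]));
    return 0;
}
```

A request with a wildcard minor is refused when the parent only holds a specific minor, which is the "never more than the parent" rule applied to wildcards.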
883 lines
28 KiB
Plaintext
config ARCH
	string
	option env="ARCH"

config KERNELVERSION
	string
	option env="KERNELVERSION"

config DEFCONFIG_LIST
	string
	depends on !UML
	option defconfig_list
	default "/lib/modules/$UNAME_RELEASE/.config"
	default "/etc/kernel-config"
	default "/boot/config-$UNAME_RELEASE"
	default "arch/$ARCH/defconfig"

menu "General setup"

config EXPERIMENTAL
	bool "Prompt for development and/or incomplete code/drivers"
	---help---
	  Some of the various things that Linux supports (such as network
	  drivers, file systems, network protocols, etc.) can be in a state
	  of development where the functionality, stability, or the level of
	  testing is not yet high enough for general use. This is usually
	  known as the "alpha-test" phase among developers. If a feature is
	  currently in alpha-test, then the developers usually discourage
	  uninformed widespread use of this feature by the general public to
	  avoid "Why doesn't this work?" type mail messages. However, active
	  testing and use of these systems is welcomed. Just be aware that it
	  may not meet the normal level of reliability or it may fail to work
	  in some special cases. Detailed bug reports from people familiar
	  with the kernel internals are usually welcomed by the developers
	  (before submitting bug reports, please read the documents
	  <file:README>, <file:MAINTAINERS>, <file:REPORTING-BUGS>,
	  <file:Documentation/BUG-HUNTING>, and
	  <file:Documentation/oops-tracing.txt> in the kernel source).

	  This option will also make obsoleted drivers available. These are
	  drivers that have been replaced by something else, and/or are
	  scheduled to be removed in a future kernel release.

	  Unless you intend to help test and develop a feature or driver that
	  falls into this category, or you have a situation that requires
	  using these features, you should probably say N here, which will
	  cause the configurator to present you with fewer choices. If
	  you say Y here, you will be offered the choice of using features or
	  drivers that are currently considered to be in the alpha-test phase.

config BROKEN
	bool

config BROKEN_ON_SMP
	bool
	depends on BROKEN || !SMP
	default y

config LOCK_KERNEL
	bool
	depends on SMP || PREEMPT
	default y

config INIT_ENV_ARG_LIMIT
	int
	default 32 if !UML
	default 128 if UML
	help
	  Maximum of each of the number of arguments and environment
	  variables passed to init from the kernel command line.


config LOCALVERSION
	string "Local version - append to kernel release"
	help
	  Append an extra string to the end of your kernel version.
	  This will show up when you type uname, for example.
	  The string you set here will be appended after the contents of
	  any files with a filename matching localversion* in your
	  object and source tree, in that order. Your total string can
	  be a maximum of 64 characters.

config LOCALVERSION_AUTO
	bool "Automatically append version information to the version string"
	default y
	help
	  This will try to automatically determine if the current tree is a
	  release tree by looking for git tags that belong to the current
	  top of tree revision.

	  A string of the format -gxxxxxxxx will be added to the localversion
	  if a git-based tree is found. The string generated by this will be
	  appended after any matching localversion* files, and after the value
	  set in CONFIG_LOCALVERSION.

	  (The actual string used here is the first eight characters produced
	  by running the command:

	    $ git rev-parse --verify HEAD

	  which is done within the script "scripts/setlocalversion".)

config SWAP
	bool "Support for paging of anonymous memory (swap)"
	depends on MMU && BLOCK
	default y
	help
	  This option allows you to choose whether you want to have support
	  for so called swap devices or swap files in your kernel that are
	  used to provide more virtual memory than the actual RAM present
	  in your computer. If unsure say Y.

config SYSVIPC
	bool "System V IPC"
	---help---
	  Inter Process Communication is a suite of library functions and
	  system calls which let processes (running programs) synchronize and
	  exchange information. It is generally considered to be a good thing,
	  and some programs won't run unless you say Y here. In particular, if
	  you want to run the DOS emulator dosemu under Linux (read the
	  DOSEMU-HOWTO, available from <http://www.tldp.org/docs.html#howto>),
	  you'll need to say Y here.

	  You can find documentation about IPC with "info ipc" and also in
	  section 6.4 of the Linux Programmer's Guide, available from
	  <http://www.tldp.org/guides.html>.

config SYSVIPC_SYSCTL
	bool
	depends on SYSVIPC
	depends on SYSCTL
	default y

config POSIX_MQUEUE
	bool "POSIX Message Queues"
	depends on NET && EXPERIMENTAL
	---help---
	  POSIX variant of message queues is a part of IPC. In POSIX message
	  queues every message has a priority which decides about succession
	  of receiving it by a process. If you want to compile and run
	  programs written e.g. for Solaris with use of its POSIX message
	  queues (functions mq_*) say Y here.

	  POSIX message queues are visible as a filesystem called 'mqueue'
	  and can be mounted somewhere if you want to do filesystem
	  operations on message queues.

	  If unsure, say Y.

config BSD_PROCESS_ACCT
	bool "BSD Process Accounting"
	help
	  If you say Y here, a user level program will be able to instruct the
	  kernel (via a special system call) to write process accounting
	  information to a file: whenever a process exits, information about
	  that process will be appended to the file by the kernel. The
	  information includes things such as creation time, owning user,
	  command name, memory usage, controlling terminal etc. (the complete
	  list is in the struct acct in <file:include/linux/acct.h>). It is
	  up to the user level program to do useful things with this
	  information. This is generally a good idea, so say Y.

config BSD_PROCESS_ACCT_V3
	bool "BSD Process Accounting version 3 file format"
	depends on BSD_PROCESS_ACCT
	default n
	help
	  If you say Y here, the process accounting information is written
	  in a new file format that also logs the process IDs of each
	  process and its parent. Note that this file format is incompatible
	  with previous v0/v1/v2 file formats, so you will need updated tools
	  for processing it. A preliminary version of these tools is available
	  at <http://www.physik3.uni-rostock.de/tim/kernel/utils/acct/>.

config TASKSTATS
	bool "Export task/process statistics through netlink (EXPERIMENTAL)"
	depends on NET
	default n
	help
	  Export selected statistics for tasks/processes through the
	  generic netlink interface. Unlike BSD process accounting, the
	  statistics are available during the lifetime of tasks/processes as
	  responses to commands. Like BSD accounting, they are sent to user
	  space on task exit.

	  Say N if unsure.

config TASK_DELAY_ACCT
	bool "Enable per-task delay accounting (EXPERIMENTAL)"
	depends on TASKSTATS
	help
	  Collect information on time spent by a task waiting for system
	  resources like cpu, synchronous block I/O completion and swapping
	  in pages. Such statistics can help in setting a task's priorities
	  relative to other tasks for cpu, io, rss limits etc.

	  Say N if unsure.

config TASK_XACCT
	bool "Enable extended accounting over taskstats (EXPERIMENTAL)"
	depends on TASKSTATS
	help
	  Collect extended task accounting data and send the data
	  to userland for processing over the taskstats interface.

	  Say N if unsure.

config TASK_IO_ACCOUNTING
	bool "Enable per-task storage I/O accounting (EXPERIMENTAL)"
	depends on TASK_XACCT
	help
	  Collect information on the number of bytes of storage I/O which this
	  task has caused.

	  Say N if unsure.

config AUDIT
	bool "Auditing support"
	depends on NET
	help
	  Enable auditing infrastructure that can be used with another
	  kernel subsystem, such as SELinux (which requires this for
	  logging of avc messages output). Does not do system-call
	  auditing without CONFIG_AUDITSYSCALL.

config AUDITSYSCALL
	bool "Enable system-call auditing support"
	depends on AUDIT && (X86 || PPC || PPC64 || S390 || IA64 || UML || SPARC64 || SUPERH)
	default y if SECURITY_SELINUX
	help
	  Enable low-overhead system-call auditing infrastructure that
	  can be used independently or with another kernel subsystem,
	  such as SELinux. To use audit's filesystem watch feature, please
	  ensure that INOTIFY is configured.

config AUDIT_TREE
	def_bool y
	depends on AUDITSYSCALL && INOTIFY

config IKCONFIG
	tristate "Kernel .config support"
	---help---
	  This option enables the complete Linux kernel ".config" file
	  contents to be saved in the kernel. It provides documentation
	  of which kernel options are used in a running kernel or in an
	  on-disk kernel. This information can be extracted from the kernel
	  image file with the script scripts/extract-ikconfig and used as
	  input to rebuild the current kernel or to build another kernel.
	  It can also be extracted from a running kernel by reading
	  /proc/config.gz if enabled (below).

config IKCONFIG_PROC
	bool "Enable access to .config through /proc/config.gz"
	depends on IKCONFIG && PROC_FS
	---help---
	  This option enables access to the kernel configuration file
	  through /proc/config.gz.

config LOG_BUF_SHIFT
	int "Kernel log buffer size (16 => 64KB, 17 => 128KB)"
	range 12 21
	default 17
	help
	  Select kernel log buffer size as a power of 2.
	  Examples:
	    17 => 128 KB
	    16 => 64 KB
	    15 => 32 KB
	    14 => 16 KB
	    13 => 8 KB
	    12 => 4 KB

config CGROUPS
	bool "Control Group support"
	help
	  This option will let you use process cgroup subsystems
	  such as Cpusets

	  Say N if unsure.

config CGROUP_DEBUG
	bool "Example debug cgroup subsystem"
	depends on CGROUPS
	default n
	help
	  This option enables a simple cgroup subsystem that
	  exports useful debugging information about the cgroups
	  framework

	  Say N if unsure

config CGROUP_NS
	bool "Namespace cgroup subsystem"
	depends on CGROUPS
	help
	  Provides a simple namespace cgroup subsystem to
	  provide hierarchical naming of sets of namespaces,
	  for instance virtual servers and checkpoint/restart
	  jobs.

config CGROUP_DEVICE
	bool "Device controller for cgroups"
	depends on CGROUPS && EXPERIMENTAL
	help
	  Provides a cgroup implementing whitelists for devices which
	  a process in the cgroup can mknod or open.

config CPUSETS
	bool "Cpuset support"
	depends on SMP && CGROUPS
	help
	  This option will let you create and manage CPUSETs which
	  allow dynamically partitioning a system into sets of CPUs and
	  Memory Nodes and assigning tasks to run only within those sets.
	  This is primarily useful on large SMP or NUMA systems.

	  Say N if unsure.

config GROUP_SCHED
	bool "Group CPU scheduler"
	default y
	help
	  This feature lets CPU scheduler recognize task groups and control CPU
	  bandwidth allocation to such task groups.

config FAIR_GROUP_SCHED
	bool "Group scheduling for SCHED_OTHER"
	depends on GROUP_SCHED
	default y

config RT_GROUP_SCHED
	bool "Group scheduling for SCHED_RR/FIFO"
	depends on EXPERIMENTAL
	depends on GROUP_SCHED
	default n
	help
	  This feature lets you explicitly allocate real CPU bandwidth
	  to users or control groups (depending on the "Basis for grouping tasks"
	  setting below). If enabled, it will also make it impossible to
	  schedule realtime tasks for non-root users until you allocate
	  realtime bandwidth for them.
	  See Documentation/sched-rt-group.txt for more information.

choice
	depends on GROUP_SCHED
	prompt "Basis for grouping tasks"
	default USER_SCHED

config USER_SCHED
	bool "user id"
	help
	  This option will choose userid as the basis for grouping
	  tasks, thus providing equal CPU bandwidth to each user.

config CGROUP_SCHED
	bool "Control groups"
	depends on CGROUPS
	help
	  This option allows you to create arbitrary task groups
	  using the "cgroup" pseudo filesystem and control
	  the cpu bandwidth allocated to each such task group.
	  Refer to Documentation/cgroups.txt for more information
	  on "cgroup" pseudo filesystem.

endchoice

config CGROUP_CPUACCT
	bool "Simple CPU accounting cgroup subsystem"
	depends on CGROUPS
	help
	  Provides a simple Resource Controller for monitoring the
	  total CPU consumed by the tasks in a cgroup

config RESOURCE_COUNTERS
	bool "Resource counters"
	help
	  This option enables controller independent resource accounting
	  infrastructure that works with cgroups
	depends on CGROUPS

config CGROUP_MEM_RES_CTLR
	bool "Memory Resource Controller for Control Groups"
	depends on CGROUPS && RESOURCE_COUNTERS
	help
	  Provides a memory resource controller that manages both page cache and
	  RSS memory.

	  Note that setting this option increases fixed memory overhead
	  associated with each page of memory in the system by 4/8 bytes
	  and also increases cache misses because struct page on many 64bit
	  systems will not fit into a single cache line anymore.

	  Only enable when you're ok with these trade offs and really
	  sure you need the memory resource controller.

config SYSFS_DEPRECATED
	bool

config SYSFS_DEPRECATED_V2
	bool "Create deprecated sysfs files"
	depends on SYSFS
	default y
	select SYSFS_DEPRECATED
	help
	  This option creates deprecated symlinks such as the
	  "device"-link, the <subsystem>:<name>-link, and the
	  "bus"-link. It may also add deprecated key in the
	  uevent environment.
	  None of these features or values should be used today, as
	  they export driver core implementation details to userspace
	  or export properties which can't be kept stable across kernel
	  releases.

	  If enabled, this option will also move any device structures
	  that belong to a class, back into the /sys/class hierarchy, in
	  order to support older versions of udev and some userspace
	  programs.

	  If you are using a distro with the most recent userspace
	  packages, it should be safe to say N here.

config PROC_PID_CPUSET
	bool "Include legacy /proc/<pid>/cpuset file"
	depends on CPUSETS
	default y

config RELAY
	bool "Kernel->user space relay support (formerly relayfs)"
	help
	  This option enables support for relay interface support in
	  certain file systems (such as debugfs).
	  It is designed to provide an efficient mechanism for tools and
	  facilities to relay large amounts of data from kernel space to
	  user space.

	  If unsure, say N.

config NAMESPACES
	bool "Namespaces support" if EMBEDDED
	default !EMBEDDED
	help
	  Provides the way to make tasks work with different objects using
	  the same id. For example same IPC id may refer to different objects
	  or same user id or pid may refer to different tasks when used in
	  different namespaces.

config UTS_NS
	bool "UTS namespace"
	depends on NAMESPACES
	help
	  In this namespace tasks see different info provided with the
	  uname() system call

config IPC_NS
	bool "IPC namespace"
	depends on NAMESPACES && SYSVIPC
	help
	  In this namespace tasks work with IPC ids which correspond to
	  different IPC objects in different namespaces

config USER_NS
	bool "User namespace (EXPERIMENTAL)"
	depends on NAMESPACES && EXPERIMENTAL
	help
	  This allows containers, i.e. vservers, to use user namespaces
	  to provide different user info for different servers.
	  If unsure, say N.

config PID_NS
	bool "PID Namespaces (EXPERIMENTAL)"
	default n
	depends on NAMESPACES && EXPERIMENTAL
	help
	  Support process id namespaces. This allows having multiple
	  processes with the same pid as long as they are in different
	  pid namespaces. This is a building block of containers.

	  Unless you want to work with an experimental feature
	  say N here.

config BLK_DEV_INITRD
	bool "Initial RAM filesystem and RAM disk (initramfs/initrd) support"
	depends on BROKEN || !FRV
	help
	  The initial RAM filesystem is a ramfs which is loaded by the
	  boot loader (loadlin or lilo) and that is mounted as root
	  before the normal boot procedure. It is typically used to
	  load modules needed to mount the "real" root file system,
	  etc. See <file:Documentation/initrd.txt> for details.

	  If RAM disk support (BLK_DEV_RAM) is also included, this
	  also enables initial RAM disk (initrd) support and adds
	  15 Kbytes (more on some other architectures) to the kernel size.

	  If unsure say Y.

if BLK_DEV_INITRD

source "usr/Kconfig"

endif

config CC_OPTIMIZE_FOR_SIZE
	bool "Optimize for size"
	default y
	help
	  Enabling this option will pass "-Os" instead of "-O2" to gcc
	  resulting in a smaller kernel.

	  If unsure, say N.

config SYSCTL
	bool

menuconfig EMBEDDED
	bool "Configure standard kernel features (for small systems)"
	help
	  This option allows certain base kernel options and settings
	  to be disabled or tweaked. This is for specialized
	  environments which can tolerate a "non-standard" kernel.
	  Only use this if you really know what you are doing.

config UID16
	bool "Enable 16-bit UID system calls" if EMBEDDED
	depends on ARM || BLACKFIN || CRIS || FRV || H8300 || X86_32 || M68K || (S390 && !64BIT) || SUPERH || SPARC32 || (SPARC64 && COMPAT) || UML || (X86_64 && IA32_EMULATION)
	default y
	help
	  This enables the legacy 16-bit UID syscall wrappers.

config SYSCTL_SYSCALL
	bool "Sysctl syscall support" if EMBEDDED
	default y
	select SYSCTL
	---help---
	  sys_sysctl uses binary paths that have been found challenging
	  to properly maintain and use. The interface in /proc/sys
	  using paths with ascii names is now the primary path to this
	  information.

	  Almost nothing uses the binary sysctl interface so if you are
	  trying to save some space it is probably safe to disable this,
	  making your kernel marginally smaller.

	  If unsure say Y here.

config KALLSYMS
	bool "Load all symbols for debugging/ksymoops" if EMBEDDED
	default y
	help
	  Say Y here to let the kernel print out symbolic crash information and
	  symbolic stack backtraces. This increases the size of the kernel
	  somewhat, as all symbols have to be loaded into the kernel image.

config KALLSYMS_ALL
	bool "Include all symbols in kallsyms"
	depends on DEBUG_KERNEL && KALLSYMS
	help
	  Normally kallsyms only contains the symbols of functions, for nicer
	  OOPS messages. Some debuggers can use kallsyms for other
	  symbols too: say Y here to include all symbols, if you need them
	  and you don't care about adding 300k to the size of your kernel.

	  Say N.

config KALLSYMS_EXTRA_PASS
	bool "Do an extra kallsyms pass"
	depends on KALLSYMS
	help
	  If kallsyms is not working correctly, the build will fail with
	  inconsistent kallsyms data. If that occurs, log a bug report and
	  turn on KALLSYMS_EXTRA_PASS which should result in a stable build.
	  Always say N here unless you find a bug in kallsyms, which must be
	  reported. KALLSYMS_EXTRA_PASS is only a temporary workaround while
	  you wait for kallsyms to be fixed.


config HOTPLUG
	bool "Support for hot-pluggable devices" if EMBEDDED
	default y
	help
	  This option is provided for the case where no hotplug or uevent
	  capabilities are wanted by the kernel. You should only consider
	  disabling this option for embedded systems that do not use modules, a
	  dynamic /dev tree, or dynamic device discovery. Just say Y.

config PRINTK
	default y
	bool "Enable support for printk" if EMBEDDED
	help
	  This option enables normal printk support. Removing it
	  eliminates most of the message strings from the kernel image
	  and makes the kernel more or less silent. As this makes it
	  very difficult to diagnose system problems, saying N here is
	  strongly discouraged.

config BUG
	bool "BUG() support" if EMBEDDED
	default y
	help
	  Disabling this option eliminates support for BUG and WARN, reducing
	  the size of your kernel image and potentially quietly ignoring
	  numerous fatal conditions. You should only consider disabling this
	  option for embedded systems with no facilities for reporting errors.
	  Just say Y.

config ELF_CORE
	default y
	bool "Enable ELF core dumps" if EMBEDDED
	help
	  Enable support for generating core dumps. Disabling saves about 4k.

config COMPAT_BRK
	bool "Disable heap randomization"
	default y
	help
	  Randomizing heap placement makes heap exploits harder, but it
	  also breaks ancient binaries (including anything libc5 based).
	  This option changes the bootup default to heap randomization
	  disabled, and can be overridden at runtime by setting
	  /proc/sys/kernel/randomize_va_space to 2.

	  On non-ancient distros (post-2000 ones) N is usually a safe choice.

config BASE_FULL
	default y
	bool "Enable full-sized data structures for core" if EMBEDDED
	help
	  Disabling this option reduces the size of miscellaneous core
	  kernel data structures. This saves memory on small machines,
	  but may reduce performance.

config FUTEX
	bool "Enable futex support" if EMBEDDED
	default y
	select RT_MUTEXES
	help
	  Disabling this option will cause the kernel to be built without
	  support for "fast userspace mutexes". The resulting kernel may not
	  run glibc-based applications correctly.

config ANON_INODES
	bool

config EPOLL
	bool "Enable eventpoll support" if EMBEDDED
	default y
	select ANON_INODES
	help
	  Disabling this option will cause the kernel to be built without
	  support for epoll family of system calls.

config SIGNALFD
	bool "Enable signalfd() system call" if EMBEDDED
	select ANON_INODES
	default y
	help
	  Enable the signalfd() system call that allows to receive signals
	  on a file descriptor.

	  If unsure, say Y.

config TIMERFD
	bool "Enable timerfd() system call" if EMBEDDED
	select ANON_INODES
	default y
	help
	  Enable the timerfd() system call that allows to receive timer
	  events on a file descriptor.

	  If unsure, say Y.

config EVENTFD
	bool "Enable eventfd() system call" if EMBEDDED
	select ANON_INODES
	default y
	help
	  Enable the eventfd() system call that allows to receive both
	  kernel notification (ie. KAIO) or userspace notifications.

	  If unsure, say Y.

config SHMEM
	bool "Use full shmem filesystem" if EMBEDDED
	default y
	depends on MMU
	help
	  The shmem is an internal filesystem used to manage shared memory.
	  It is backed by swap and manages resource limits. It is also exported
	  to userspace as tmpfs if TMPFS is enabled. Disabling this
	  option replaces shmem and tmpfs with the much simpler ramfs code,
	  which may be appropriate on small systems without swap.

config VM_EVENT_COUNTERS
	default y
	bool "Enable VM event counters for /proc/vmstat" if EMBEDDED
	help
	  VM event counters are needed for event counts to be shown.
	  This option allows the disabling of the VM event counters
	  on EMBEDDED systems. /proc/vmstat will only show page counts
	  if VM event counters are disabled.

config SLUB_DEBUG
	default y
	bool "Enable SLUB debugging support" if EMBEDDED
	depends on SLUB
	help
	  SLUB has extensive debug support features. Disabling these can
	  result in significant savings in code size. This also disables
	  SLUB sysfs support. /sys/slab will not exist and there will be
	  no support for cache validation etc.

choice
	prompt "Choose SLAB allocator"
	default SLUB
	help
	  This option allows to select a slab allocator.

config SLAB
	bool "SLAB"
	help
	  The regular slab allocator that is established and known to work
	  well in all environments. It organizes cache hot objects in
	  per cpu and per node queues. SLAB is the default choice for
	  a slab allocator.

config SLUB
	bool "SLUB (Unqueued Allocator)"
	help
	  SLUB is a slab allocator that minimizes cache line usage
	  instead of managing queues of cached objects (SLAB approach).
	  Per cpu caching is realized using slabs of objects instead
	  of queues of objects. SLUB can use memory efficiently
	  and has enhanced diagnostics.

config SLOB
	depends on EMBEDDED
	bool "SLOB (Simple Allocator)"
	help
	  SLOB replaces the stock allocator with a drastically simpler
	  allocator. SLOB is generally more space efficient but
	  does not perform as well on large systems.

endchoice

config PROFILING
	bool "Profiling support (EXPERIMENTAL)"
	help
	  Say Y here to enable the extended profiling support mechanisms used
	  by profilers such as OProfile.

config MARKERS
	bool "Activate markers"
	help
	  Place an empty function call at each marker site. Can be
	  dynamically changed for a probe function.

source "arch/Kconfig"

config PROC_PAGE_MONITOR
	default y
	depends on PROC_FS && MMU
	bool "Enable /proc page monitoring" if EMBEDDED
	help
	  Various /proc files exist to monitor process memory utilization:
	  /proc/pid/smaps, /proc/pid/clear_refs, /proc/pid/pagemap,
	  /proc/kpagecount, and /proc/kpageflags. Disabling these
	  interfaces will reduce the size of the kernel by approximately 4kb.

endmenu		# General setup

config SLABINFO
	bool
	depends on PROC_FS
	depends on SLAB || SLUB_DEBUG
	default y

config RT_MUTEXES
	boolean
	select PLIST

config TINY_SHMEM
	default !SHMEM
	bool

config BASE_SMALL
	int
	default 0 if BASE_FULL
	default 1 if !BASE_FULL

menuconfig MODULES
	bool "Enable loadable module support"
	help
	  Kernel modules are small pieces of compiled code which can
	  be inserted in the running kernel, rather than being
	  permanently built into the kernel. You use the "modprobe"
	  tool to add (and sometimes remove) them. If you say Y here,
	  many parts of the kernel can be built as modules (by
	  answering M instead of Y where indicated): this is most
	  useful for infrequently used options which are not required
	  for booting. For more information, see the man pages for
	  modprobe, lsmod, modinfo, insmod and rmmod.

	  If you say Y here, you will need to run "make
	  modules_install" to put the modules under /lib/modules/
	  where modprobe can find them (you may need to be root to do
	  this).

	  If unsure, say Y.

config MODULE_UNLOAD
	bool "Module unloading"
	depends on MODULES
	help
	  Without this option you will not be able to unload any
	  modules (note that some modules may not be unloadable
	  anyway), which makes your kernel slightly smaller and
	  simpler. If unsure, say Y.

config MODULE_FORCE_UNLOAD
	bool "Forced module unloading"
	depends on MODULE_UNLOAD && EXPERIMENTAL
	help
	  This option allows you to force a module to unload, even if the
	  kernel believes it is unsafe: the kernel will remove the module
	  without waiting for anyone to stop using it (using the -f option to
	  rmmod). This is mainly for kernel developers and desperate users.
	  If unsure, say N.

config MODVERSIONS
	bool "Module versioning support"
	depends on MODULES
	help
	  Usually, you have to use modules compiled with your kernel.
	  Saying Y here makes it sometimes possible to use modules
	  compiled for different kernels, by adding enough information
	  to the modules to (hopefully) spot any changes which would
	  make them incompatible with the kernel you are running. If
	  unsure, say N.

config MODULE_SRCVERSION_ALL
	bool "Source checksum for all modules"
	depends on MODULES
	help
	  Modules which contain a MODULE_VERSION get an extra "srcversion"
	  field inserted into their modinfo section, which contains a
	  sum of the source files which made it. This helps maintainers
	  see exactly which source was used to build a module (since
	  others sometimes change the module source without updating
	  the version). With this option, such a "srcversion" field
	  will be created for all modules. If unsure, say N.

config KMOD
	bool "Automatic kernel module loading"
	depends on MODULES
	help
	  Normally when you have selected some parts of the kernel to
	  be created as kernel modules, you must load them (using the
	  "modprobe" command) before you can use them. If you say Y
	  here, some parts of the kernel will be able to load modules
	  automatically: when a part of the kernel needs a module, it
	  runs modprobe with the appropriate arguments, thereby
	  loading the module if it is available. If unsure, say Y.

config STOP_MACHINE
	bool
	default y
	depends on (SMP && MODULE_UNLOAD) || HOTPLUG_CPU
	help
	  Need stop_machine() primitive.

source "block/Kconfig"

config PREEMPT_NOTIFIERS
	bool

config CLASSIC_RCU
	def_bool !PREEMPT_RCU
	help
	  This option selects the classic RCU implementation that is
	  designed for best read-side performance on non-realtime
	  systems. Classic RCU is the default. Note that the
	  PREEMPT_RCU symbol is used to select/deselect this option.